Cross-site Scripting Vulnerability in Chamber Dashboard Business Directory by Morgan Kay
CVE-2025-32162

6.5MEDIUM

Key Information:

Vendor: Morgan Kay
Status: Chamber Dashboard Business Directory
Vendor: CVE Published:; 4 April 2025

What is CVE-2025-32162?

A Cross-site Scripting (XSS) vulnerability exists in the Chamber Dashboard Business Directory plugin by Morgan Kay, allowing attackers to inject malicious scripts into web pages generated by the plugin. This vulnerability affects versions from n/a up to and including 3.3.11. An attacker can exploit this flaw to execute arbitrary scripts in the context of an unsuspecting user's browser, potentially leading to data theft, session hijacking, or other malicious activities. It is essential for users of the affected plugin to apply necessary patches to mitigate this security risk.

Affected Version(s)

Chamber Dashboard Business Directory <= 3.3.11

References

https://patchstack.com/database/wordpress/plugin/chamber-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Apr 4, 2025

Credit

theviper17 (Patchstack Alliance)

CVE-2025-32162 Data

JSON